NS-SA-2025-1002
2025-03-28 00:00:00
简介
important: PackageKit security update
严重级别
important
主题
An update for PackageKit is now available for NewStartOS V4.5.2
NewStart Security has rated this update as having a security impact of critical.
详细描述
The vulnerability is located in org. free in/var/share/polkit-1/actions/org. freedesktop. packaging.policy
The validation of the behavior of desktop. packagekit. package-install-Untrusted is configured in this operating system to be callable by any user, thus enabling arbitrary installation of packages through certain behaviors of the package service.
影响组件
影响产品
更新包
{"fix":[{"product":"NewStartOS V4.5.2","pkgs":[{"binary":["PackageKit-1.1.13-13.zncgsl6.x86_64.rpm","PackageKit-cron-1.1.13-13.zncgsl6.x86_64.rpm","PackageKit-glib-1.1.13-13.zncgsl6.x86_64.rpm ","PackageKit-gstreamer-plugin-1.1.13-13.zncgsl6.x86_64.rpm","PackageKit-gtk3-module-1.1.13-13.zncgsl6.x86_64.rpm","PackageKit-command-not-found-1.1.13-13.zncgsl6.x86_64.rpm"],"source":"PackageKit-1.1.13-13.zncgsl6.src.rpm"}]}]}
NewStartOS V4.5.2
- PackageKit-1.1.13-13.zncgsl6.src.rpm
- PackageKit-1.1.13-13.zncgsl6.x86_64.rpm
- PackageKit-cron-1.1.13-13.zncgsl6.x86_64.rpm
- PackageKit-glib-1.1.13-13.zncgsl6.x86_64.rpm
- PackageKit-gstreamer-plugin-1.1.13-13.zncgsl6.x86_64.rpm
- PackageKit-gtk3-module-1.1.13-13.zncgsl6.x86_64.rpm
- PackageKit-command-not-found-1.1.13-13.zncgsl6.x86_64.rpm
CVE
参考